
Using the OAuth 2.0 authorization framework

Using this approach you can authenticate your identity and obtain a token that you can then use to call the Booking.com Connectivity APIs.

When using this method you must first generate an access token and then call the Booking.com Connectivity APIs.

Steps to follow when using OAuth 2.0 tokens

Step 1: Create a machine account

If you do not already have a machine account that uses the API token authentication type, you can create one in the Connectivity Portal. Make sure to copy and store the Client ID and Client Secret for later use.

Step 2: Generate an access token

Call the token-based-authentication/exchange endpoint to generate an access token by providing the Client ID and Client Secret for your machine account. The endpoint returns an access token that you can use to call the Booking.com Connectivity APIs.

For example:

curl --location --request POST 'https://connectivity-authentication.booking.com/token-based-authentication/exchange' \
--header 'Content-Type: application/json' \
--data-raw '{
 "client_id": "XXXXXXXX-5FC0-11EF-A860-XXXXXXXXX",
 "client_secret": "someclientsecret"
}'

The response contains an access token.

For example:

{
    "jwt": "someJWTexampleaXZpdHktYXV0aC1wcm94eSIsImF1ZCI6IiIsInRlc3QiOiJ0cnVlIiwibWFjaGluZV9hY2NvdW50X2lkIjoiOTg1MiIsImlzcyI6InVybjovL2Nvbm5lY3Rpdml0eS1tb2Rlcm4tYXV0aC92MSIsInByb3ZpZGVyX2lkIjoiMTUwNyIsImV4cCI6MTcyNDI1MjMzOSwiaWF0IjoxNzI0MjQ4NzM5LCJjbGllbnRfaWQiOiI3NEM3OTQ5Ni01RkMwLTExRUYtQTg2MC02QjIxQTYxRDZEMDgiLCJqdGkiOiJkOWU3YzU5ZC1mMDVjLTRhOWYtOTM5My1jMTRiNDEyM2U3N2IifQ.r5IhMI-1sRn1SPE4Vf_Txhssl7FS99ZwvX_3fs4y9s10lavcJ8dVQSX93T_T8_R5_v0207JcvlDxiI0VBujD98xG6x6XTkShJTmqyuhOQ6uV2CGwlbRfLSBD3-hIxqWQs-d0BIC9lJxKJui3v6raeq2BGjcC9gmHuYKE5lgM4HlYm682WyaOAaMNAmaTq2EkTH-OfwPzeDq4hu63h4v9UXaIw7IwwbA3WDYyEl3xFfpQBRa__Pyxrrpos9VTku2g7h0IKafBOCUaftzOHUDNXCHgdqqdCkwVk0QMxbzZuUu_WXEcgGoQ3XlZFThyD2xJKoqt0PX7jFvF2oLfp96jaQ",
    "ruid": "980ceb59-2790-7841-b172-57f1c9489653"
}

Step 3: Call the Booking.com Connectivity APIs

Once you have an access token, you can use it to call the Booking.com Connectivity APIs.

An example header:

Authorization: Bearer {JWT}

An example request:

curl --location --request POST 'https://supply-xml.booking.com/hotels/xml/rooms' \
--header 'Authorization: Bearer uhTraWQiOiIxIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJjb25uZWN0aXZpdHktYXV0aC1wcm94eSIsImF1ZCI6IiIsInRlc3QiOiJmYWxzZSIsIm1hY2hpbmVfYWNjb3VudF9pZCI6IjEwNjY1IiwiaXNzIjoidXJuOi8vY29ubmVjdGl2aXR5LW1vZGVybi1hdXRoL3YxIiwicHJvdmlkZXJfaWQiOiIxNTA3IiwiZXhwIjoxNzI3NjkzMTI1LCJpYXQiOjE3Mjc2ODk1MjUsImNsaWVudF9pZCI6IjgxMThFQjRBLTdGMTAtMTFFRi1BQjNDLTY2OTQ2Q0NBMzQ1OCIsImp0aSI6ImY2ZTYwNWM5LWYwZTQtNGQxNy1iYmFiLWUzYmQxODMwOGQ4NyJ9.gnCS-MwgOa..Xx6meTcWkpXzstbV228ji_1KRM5K4wp8pm63hqKZngbgIBw4DVlhf5swct_eja86wDDiXd8LXjM3s-jBwsYGoOtUMa0IPk0gw-bPSrU7rgLl3GaUKirf43g5gqV4WlfwEYBsa_pkRYgveaKMXEEpaar1H0rBYXD9jBgrkOyL8Lf8FBGgKi_JvDolg0RxVxUNQiIuW7RDn5xHxdduwmdOEDHv6LQkcclSn4xyoElAXcOjuh0qS20wTf0Zabb2J3L2h2BuL0gKSdwrFlPLWBQYBXKUSK1fjYKarttqTbDDBK2nXgg26cImHByrkfnMm454BzQMRUTEN-g' \
--header 'Content-Type: application/xml' \
--data-raw '<request>
  <hotel_id>8135188</hotel_id>
</request>'

Authentication failure

The token expires after one hour. When the token has expired, authentication fails and the API returns HTTP 401. Make sure to refresh the token before it expires by calling the token-based-authentication/exchange endpoint.

An example response when using an expired token:

{
    "code": "401",
    "message": "JWT is wrong or expired, please refresh your JWT."
}
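
One way to follow the refresh advice above, as an added example (not Booking.com's code): a small Python token cache that reads the exp claim from the returned JWT, calls the exchange endpoint again before the token expires, and retries once after an HTTP 401. The names TokenCache, jwt_expiry and post_json, the 300-second margin and the send callback are assumptions made for illustration.

```python
# Added example; class, function and parameter names are illustrative assumptions.
import base64, json, time, urllib.request

TOKEN_URL = ("https://connectivity-authentication.booking.com"
             "/token-based-authentication/exchange")

def jwt_expiry(jwt):
    """Return the exp claim (epoch seconds). The signature is NOT verified:
    the value only schedules a refresh, the server still decides validity."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore base64url padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])

def post_json(url, body):
    """Default transport: POST a JSON body over HTTPS, return the parsed reply."""
    req = urllib.request.Request(url, json.dumps(body).encode(),
                                 {"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Caches the JWT and renews it `skew` seconds before it expires."""
    def __init__(self, client_id, client_secret, transport=post_json,
                 skew=300, clock=time.time):
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._transport, self._skew, self._clock = transport, skew, clock
        self._jwt, self._exp = None, 0

    def refresh(self):
        self._jwt = self._transport(TOKEN_URL, self._creds)["jwt"]
        self._exp = jwt_expiry(self._jwt)

    def token(self):
        if self._jwt is None or self._clock() >= self._exp - self._skew:
            self.refresh()
        return self._jwt

    def call(self, send):
        """send(headers) -> (status, body); on 401, refresh once and retry."""
        for attempt in range(2):
            status, body = send({"Authorization": "Bearer " + self.token()})
            if status != 401:
                break
            self._jwt = None                      # force a new exchange
        return status, body

    def __repr__(self):                           # keep secret and JWT out of logs
        return "TokenCache(client_id=%r)" % self._creds["client_id"]
```

Pass a function as send that performs the actual API request with the supplied headers and returns the status code and body; the cache then performs one token exchange per hour instead of one per request.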